<?php
include_once 'mysql_connect.php';
//获取IP	
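/**
 * Best-effort client IP address, intended for logging only.
 *
 * Candidates are examined in the original order: X-Forwarded-For, Client-IP
 * and REMOTE_ADDR from $_SERVER, then the same three names via getenv().
 * The first candidate that parses as an IPv4/IPv6 address is returned.
 *
 * X-Forwarded-For and Client-IP are request headers and therefore set by the
 * client. They are validated here so that the result can never carry
 * anything other than an address, but the value is still only a claim unless
 * the application sits behind a proxy that overwrites those headers.
 * Do not use the result for access control or rate limiting.
 *
 * @return string A syntactically valid IP address, or "Unknown".
 */
function GetIP()
{
	$names = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'REMOTE_ADDR');

	$candidates = array();
	foreach ($names as $name) {
		// isset() avoids an undefined-index notice when the header is absent.
		$candidates[] = isset($_SERVER[$name]) ? $_SERVER[$name] : '';
	}
	foreach ($names as $name) {
		$candidates[] = getenv($name);
	}

	foreach ($candidates as $raw) {
		if (!is_string($raw) || $raw === '') {
			continue;
		}
		// X-Forwarded-For may hold a comma-separated chain; use its first entry.
		$parts = explode(',', $raw);
		$first = trim($parts[0]);
		if (filter_var($first, FILTER_VALIDATE_IP) !== false) {
			return $first;
		}
	}

	return "Unknown";
}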

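// Show the status message handed back by a redirect (?show=...).
if(isset($_GET['show']))
{
	// The parameter comes straight from the URL, so it is HTML-escaped before
	// being written into the page. Messages built elsewhere in this file embed
	// <font>/<br> markup; after escaping that markup is displayed literally,
	// so styling should move to the template instead of the query string.
	$show=is_string($_GET['show']) ? $_GET['show'] : '';
	echo "&nbsp;<hr />&nbsp".htmlspecialchars($show, ENT_QUOTES, 'UTF-8');
}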
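// Handle the "new topic" form: POST topic_sub, with ?topic=uid,fid,username.
// NOTE(review): the author uid and the forum id are read from the query string
// and nothing visible in this file ties them to an authenticated session, so
// the poster identity is whatever the request claims. Confirm where login
// state is enforced and take the uid from there.
if(isset($_POST['topic_sub']))
{
	$title=isset($_POST['title']) ? $_POST['title'] : '';
	$content=isset($_POST['content']) ? $_POST['content'] : '';

	if(empty($title))
	{
		$message="主题名不能为空";
		header("location:show.php?show=".urlencode($message));
		// header() does not end the request; stop so nothing below runs.
		exit;
	}
	elseif(empty($content))
	{
		$message="内容不能为空";
		header("location:show.php?show=".urlencode($message));
		exit;
	}
	else
	{
		$ip=GetIP();
		$topic_infor=explode(',',isset($_GET['topic']) ? $_GET['topic'] : '');
		$uid=isset($topic_infor[0]) ? $topic_infor[0] : '';
		$fid=isset($topic_infor[1]) ? $topic_infor[1] : '';
		$username=isset($topic_infor[2]) ? $topic_infor[2] : '';
		$time=time();

		// Every request-derived value is escaped before it is placed in SQL.
		// mysql_real_escape_string() relies on the connection character set
		// being declared with mysql_set_charset() - verify in mysql_connect.php.
		$uid_sql=mysql_real_escape_string($uid);
		$fid_sql=mysql_real_escape_string($fid);
		$ip_sql=mysql_real_escape_string($ip);
		$title_sql=mysql_real_escape_string($title);
		$content_sql=mysql_real_escape_string($content);

		// Next topic count for the forum.
		$new_topics=mysql_query("SELECT `ftopics` FROM `bbs_forum` WHERE `fid`='$fid_sql'");
		$new_topics=mysql_fetch_array($new_topics);
		$new_topics=$new_topics['ftopics']+1;

		// NOTE(review): the new topic id is predicted as "highest tid + 1", which
		// two concurrent posts can compute identically - confirm how tid is
		// allocated by the table.
		$tid=mysql_query("SELECT `tid` FROM `bbs_topic` ORDER BY `tid` DESC LIMIT 1");
		$tid=mysql_fetch_row($tid);
		$tid=$tid['0']+1;

		// Next topic count for the member.
		$topics=mysql_query("SELECT `topics` FROM `bbs_member_infor` WHERE `uid`='$uid_sql'");
		$topics=mysql_fetch_array($topics);
		$topics=$topics['topics']+1;

		if(mysql_query("INSERT INTO `bbs_topic` (`fid`,`uid`,`father_tid`,`dateline`,`ip`,`title`) VALUES ('$fid_sql','$uid_sql','$tid','$time','$ip_sql','$title_sql')"))
		{
			mysql_query("INSERT INTO `bbs_topic_content` (`tid`,`content`) VALUES ('$tid','$content_sql')");
			mysql_query("UPDATE `bbs_member_infor` SET `topics`='$topics' WHERE `uid`='$uid_sql'");
			mysql_query("UPDATE `bbs_forum` SET `ftopics`='$new_topics' WHERE `fid`='$fid_sql'");

			$message="$uid,$fid,发帖成功";
			header("location:forum.php?uid_mess=".urlencode($message));
			exit;
		}
		else
		{
			$message="发帖失败<br>请不要重名";
			header("location:show.php?show=".urlencode($message));
			exit;
		}
	}
}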
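// Delete a member account: POST delete_uid, target given by UID, username or both.
// NOTE(review): the requester is identified only by ?del_id= and is never
// checked here, so this handler deletes accounts for any caller that can send
// the POST. It needs a server-side session check that the caller is an
// administrator, plus a CSRF token on the form - confirm where that lives.
if(isset($_POST['delete_uid']))
{
	$d_uid=isset($_GET['del_id']) ? $_GET['del_id'] : '';
	$d_ob_id=isset($_POST['d_ob_id']) ? $_POST['d_ob_id'] : '';
	$d_ob_user=isset($_POST['d_ob_user']) ? $_POST['d_ob_user'] : '';

	// Failures redirect to show.php?show=<message>; only a successful delete
	// sets $location to the success page.
	$location='';
	$message='';

	if(($d_ob_id == '') && ($d_ob_user == ''))
	{
		$message="对象名和对象UID最好填一项或者填写一致，否则会出现未考虑错误";
	}
	else
	{
		// Look the target up by UID when one was given, otherwise by username.
		// The form values are escaped before being placed in SQL.
		if($d_ob_id != '')
		{
			$where="`uid`='".mysql_real_escape_string($d_ob_id)."'";
		}
		else
		{
			$where="`username`='".mysql_real_escape_string($d_ob_user)."'";
		}

		// mysql_query() returns a result resource even when no row matches, so
		// existence has to be decided by fetching the row, not by the call's
		// return value.
		$target=mysql_query("SELECT `username`,`class` FROM `bbs_member` WHERE $where");
		$target=$target ? mysql_fetch_array($target) : false;

		$both=($d_ob_id != '') && ($d_ob_user != '');

		if($both && (!$target || $target['username'] != $d_ob_user))
		{
			$message="对象名和对象UID不匹配,请填写一致或者只填写其中一项";
		}
		elseif(!$target)
		{
			if($d_ob_id != '')
			{
				$message="此ID<font color=red>$d_ob_id</font>不存在";
			}
			else
			{
				$message="此用户名<font color=red>$d_ob_user</font>不存在";
			}
		}
		elseif($target['class']<=3)
		{
			// Only ordinary member classes (<= 3) may be deleted.
			if(mysql_query("DELETE FROM `bbs_member` WHERE $where"))
			{
				$location="bbs.php?uid_mess=".urlencode("$d_uid,删除成功");
			}
			else
			{
				$message="未知错误";
			}
		}
		else
		{
			// Moderators and administrators are protected from deletion.
			$d_ob_classn='';
			switch($target['class'])
			{
				case 4: $d_ob_classn='版主'; break;
				case 5: $d_ob_classn='管理员'; break;
			}
			$message="对象是<font color=red>$d_ob_classn</font>你无权删ID";
		}
	}

	if($location == '')
	{
		$location="show.php?show=".urlencode($message);
	}
	header("location:$location");
	// header() does not end the request; stop so nothing below runs.
	exit;
}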

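// Create a forum: POST add_F, owner uid in ?add=.
// NOTE(review): the form for this action is only rendered for class >= 4, but
// this handler does not check the caller's class or session, so the
// restriction is not enforced server-side - confirm and add the check here.
if(isset($_POST['add_F']))
{
	$fuid=isset($_GET['add']) ? $_GET['add'] : '';
	$fuid_sql=mysql_real_escape_string($fuid);

	$username=mysql_query("SELECT `username` FROM `bbs_member` WHERE `uid`='$fuid_sql' ");
	$username=$username ? mysql_fetch_array($username) : false;
	$username=$username ? $username['username'] : '';

	$fname=isset($_POST['fname']) ? $_POST['fname'] : '';
	$fdescription=isset($_POST['fdescription']) ? $_POST['fdescription'] : '';
	if(empty($fname) || empty($fdescription))
	{
		$message="不能填写空值";
		header("location:show.php?show=".urlencode($message));
		// header() does not end the request; stop so nothing below runs.
		exit;
	}
	else
	{
		// Form values are escaped before being placed in SQL. The stored
		// username is escaped too: it was user-chosen when it was saved.
		$fname_sql=mysql_real_escape_string($fname);
		$fdescription_sql=mysql_real_escape_string($fdescription);
		$username_sql=mysql_real_escape_string($username);

		if(mysql_query("INSERT INTO `bbs_forum` (`fid`,`ftopics`,`fname`,`fdescription`,`uid`,`fmanage`) VALUES (NULL,'0','$fname_sql','$fdescription_sql','$fuid_sql','$username_sql') "))
		{
			header("location:bbs.php?uid=".urlencode($fuid));
			exit;
		}
		else
		{
			$message="版块不能重名";
			header("location:show.php?show=".urlencode($message));
			exit;
		}
	}
}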
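/*change infor*/
// ?change_infor=uid,action selects the account and which edit form to show.
// NOTE(review): the uid comes from the URL and is not compared with a
// logged-in user anywhere in this file, so the password and username handlers
// below act on whichever account the request names. Confirm where the session
// is checked and take the uid from it.
$user_mess=isset($_GET['change_infor']) ? $_GET['change_infor'] : '';
$user_mess=explode(",",$user_mess);
$uid=$user_mess[0];
$mess=isset($user_mess[1]) ? $user_mess[1] : '';
//change password if--POST--
if(isset($_POST['pwsub']))
{
	$pw_len=strlen(isset($_POST['password']) ? $_POST['password'] : '');
	// Upper bound is 32 to match the limit stated in the message.
	if($pw_len < 7 || $pw_len > 32)
	{
		$message="此密码长度为<font color=red>".$pw_len."</font>请保持在7-32之间";
		header("location:show.php?show=".urlencode($message));
		// header() does not end the request; stop so nothing below runs.
		exit;
	}
	else
	{
		// NOTE(review): unsalted MD5 is not a password hash; it is kept only
		// because the rest of the application presumably compares MD5 values.
		// Migrate storage and login together to password_hash()/password_verify().
		$password=md5($_POST['password']);
		// $uid is request data and is escaped before being placed in SQL.
		$pw=mysql_query("UPDATE `bbs_member` SET `password`='$password' WHERE `uid`='".mysql_real_escape_string($uid)."'");
		header("location:my_zone.php?uid=".urlencode($uid));
		exit;
	}
}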
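//change username if--POST--
// NOTE(review): $uid is taken from the URL earlier in this script; this
// handler does not verify that the caller owns that account.
if(isset($_POST['unsub']))
{
	$username=isset($_POST['username']) ? $_POST['username'] : '';
	$name_len=strlen($username);
	if($username=='')
	{
		$message="用户名不能为空";
	}
	// Upper bound is 32 to match the limit stated in the message.
	elseif($name_len < 5 || $name_len > 32)
	{
		$message="用户名<font color=red>$username</font>的长度为为<font color=red>".$name_len."</font>请保持在5-32之间无效，请重新输入";
	}
	// Both values are request data and are escaped before being placed in SQL.
	elseif(mysql_query("UPDATE `bbs_member` SET `username`='".mysql_real_escape_string($username)."' WHERE `uid`='".mysql_real_escape_string($uid)."'"))
	{
		header("location:my_zone.php?uid=".urlencode($uid));
		// header() does not end the request; stop so nothing below runs.
		exit;
	}
	else
	{
		$message="未知错误";
	}
	header("location:show.php?show=".urlencode($message));
	exit;
}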
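//change password
if($mess=="password")
{
	// Look up the account name shown above the password field.
	// $uid is request data and is escaped before being placed in SQL.
	$pw=mysql_query("SELECT `username` FROM `bbs_member` WHERE `uid`='".mysql_real_escape_string($uid)."'");
	$pw=$pw ? mysql_fetch_array($pw) : false;
	$pw=$pw ? $pw['username'] : '';
?>	
	<form action="" method="post">
	<table border="1" align="center">
		<tr>
			<?php /* Usernames are user-chosen, so the stored value is HTML-escaped on output. */ ?>
			<td align="right">用户名：</td><td><font color="red"><?php echo htmlspecialchars($pw, ENT_QUOTES, 'UTF-8'); ?></font></td>
		</tr>
		<tr>
			<td align="right">密码：</td><td><input type="password" name="password" maxlength="25" size="25" /></td>
		</tr>
		<tr>
			<td colspan="2" align="center"><input type="submit" name="pwsub" value="确认修改" /></td>
		</tr>
	</table>
	</form>
<?php
}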
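//change username
elseif($mess=='username')
{
	// Look up the current name shown above the input field.
	// $uid is request data and is escaped before being placed in SQL.
	$username=mysql_query(" SELECT `username` FROM `bbs_member` WHERE `uid`='".mysql_real_escape_string($uid)."' ");
	$username=$username ? mysql_fetch_array($username) : false;
	$username=$username ? $username['username'] : '';

?>	
	<form action="" method="post">
	<table border="1" align="center">
		<tr>
			<?php /* Usernames are user-chosen, so the stored value is HTML-escaped on output. */ ?>
			<td align="right">用户名：</td><td><?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?></td>
		</tr>
		<tr>
			<td align="right">新用户：</td><td><input type="text" name="username" maxlength="25" size="25" /></td>
		</tr>
		<tr>
			<td colspan="2" align="center"><input type="submit" name="unsub" /></td>
		</tr>
	</table>
	</form>
<?php	
	
}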
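//change headimg
elseif($mess=='headimg')
{
	// Content types accepted from the browser-declared upload type.
	$type_name=array(

		 'image/pjpeg',
		 'image/jpg',
		 'image/jpeg',
		 'image/gif',
		 'image/png',
		 'image/x-png' 
	);

	// Extension written to disk, chosen from the image format that
	// getimagesize() detects in the file itself. Neither the browser-declared
	// type nor the original file name decides the stored extension, so an
	// upload cannot land in photo/ with a script extension.
	$type_ext=array(
		IMAGETYPE_GIF=>'gif',
		IMAGETYPE_JPEG=>'jpg',
		IMAGETYPE_PNG=>'png'
	);

	$max_file_size=500000;
	$upfile_url="photo/";

	// NOTE(review): the web server should be configured not to execute
	// scripts from this directory - confirm in the server configuration.
	if(!file_exists($upfile_url))
	{
		mkdir($upfile_url);
	}

	if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		// Each failed check redirects and stops; without the exit the
		// rejected file would still be moved into the upload directory.
		if (!isset($_FILES['upfile']) || !is_uploaded_file($_FILES['upfile']['tmp_name']))
		{
			 $message= "图片不存在!";
			 header("location:show.php?show=".urlencode($message));
			 exit;
		}

		$file=$_FILES['upfile'];

		if($max_file_size<$file['size'])
		{
			 $message= "图片不要超过500K";
			 header("location:show.php?show=".urlencode($message));
			 exit;
		}

		$filename=$file['tmp_name'];
		// Index 2 of getimagesize() is the detected IMAGETYPE_* constant.
		$imagesize=getimagesize($filename);

		if(!in_array($file['type'],$type_name) || $imagesize === false || !isset($type_ext[$imagesize[2]]))
		{
			 $message= "图片类型不匹配".$file['type'];
			 header("location:show.php?show=".urlencode($message));
			 exit;
		}

		$ftype=$type_ext[$imagesize[2]];
		$imgdir=$upfile_url.time().".".$ftype;

		if(file_exists($imgdir))
		{
			 $message= "此文件名也存在";
			 header("location:show.php?show=".urlencode($message));
			 exit;
		}

		if(!move_uploaded_file($filename,$imgdir))
		{
			 $message= "移动文件出错";
			 header("location:show.php?show=".urlencode($message));
			 exit;
		}
	}

	if(isset($_POST['imgsub']))
	{
		// NOTE(review): $uid is taken from the URL earlier in this script; the
		// avatar is set for whichever account the request names.
		if(mysql_query(" UPDATE `bbs_member_infor` SET `photo`='".mysql_real_escape_string($imgdir)."' WHERE `uid`='".mysql_real_escape_string($uid)."' "))
		{
			header("location:my_zone.php?uid=".urlencode($uid));
			exit;
		}
		else
		{
			$message="未知错误";
			header("location:show.php?show=".urlencode($message));
			exit;
		}
	}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>头像操作</title>
</head>

<body>
<form enctype="multipart/form-data" method="post"  action="">
<table border="1">
	<tr>
		<td width="150" height="150">
<?php
	// Preview of the file just uploaded; the path is escaped and quoted, and
	// the tag is closed (the original left the <img> tag unterminated).
	if(isset($_POST['showsub']))
	{
		echo '<img src="'.htmlspecialchars($imgdir, ENT_QUOTES, 'UTF-8').'" width="150" height="150" />';
	}
?>
		</td>
	</tr>
	<tr>
		<td><input name="upfile" type="file"></td>
	</tr>
	<tr>
		<td align="right"><input type="submit" name="showsub" value="浏览" /><input type="submit" name="imgsub" value="上传" /></td>
	</tr>
</table>
</form>

</body>
</html>

<?php 
} // end of the headimg branch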
?>


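<?php
/* Open-a-forum form: ?forum=uid,class */
// NOTE(review): the member class that decides whether this form is shown is
// read from the URL, so it is whatever the request claims. The class should
// be looked up server-side for the logged-in user, and the add_F handler
// must repeat the check.
if(isset($_GET['forum']))
{
	$forum=explode(',',$_GET['forum']);
	$fuid=$forum[0];
	$fclass=isset($forum[1]) ? $forum[1] : '';

	// Display label for the class; empty for values outside 1-5.
	$classn='';
	switch($fclass)
	{
		case 1: $classn='会员'; break;
		case 2: $classn='高级会员'; break;
		case 3: $classn='白金会员'; break;
		case 4: $classn='版主'; break;
		case 5: $classn='管理员'; break;
	}

	// $fuid is request data and is escaped before being placed in SQL.
	$username=mysql_query("SELECT `username` FROM `bbs_member` WHERE `uid`='".mysql_real_escape_string($fuid)."' ");
	$username=$username ? mysql_fetch_array($username) : false;
	$username=$username ? $username['username'] : '';

	if($fclass>=4)
	{
?>
<?php /* Request and stored values are escaped for the URL and HTML contexts they are printed in. */ ?>
<form action="show.php?add=<?php echo htmlspecialchars(urlencode($fuid), ENT_QUOTES, 'UTF-8'); ?>" method="post">
<table border="1">
	<tr>
		<td colspan="2">开设版块</td>
	</tr>
	<tr>
		<td align="right"><?php echo $classn;  ?></td><td><font color="red"><?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8');?></font></td>
	</tr>
	<tr>
		<td align="right">版块名</td><td><input type="text" name="fname" size="25" /></td>
	</tr>
	<tr>
		<td align="right">版块描述</td><td><input type="text" name="fdescription" size="25" /></td>
	</tr>
	<tr>
		<td align="right" colspan="2"><input type="submit" name="add_F" value="增加" /></td>
	</tr>
</table>
</form>

<?php
	}
} // end of the open-a-forum form
?>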

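<?php
/* Delete-ID form: ?delete_id=uid,class */
// NOTE(review): the class that gates this administrator form is read from the
// URL, so it is whatever the request claims. It should be looked up
// server-side for the logged-in user, and the delete_uid handler must repeat
// the check.
if(isset($_GET['delete_id']))
{
	$d_id_c=explode(',',$_GET['delete_id']);
	$d_uid=$d_id_c[0];
	$d_class=isset($d_id_c[1]) ? $d_id_c[1] : '';

	// Display label for the class; empty for values outside 1-5.
	$classn='';
	switch($d_class)
	{
		case 1: $classn='会员'; break;
		case 2: $classn='高级会员'; break;
		case 3: $classn='白金会员'; break;
		case 4: $classn='版主'; break;
		case 5: $classn='管理员'; break;
	}

	// $d_uid is request data and is escaped before being placed in SQL.
	$username=mysql_query("SELECT `username` FROM `bbs_member` WHERE `uid`='".mysql_real_escape_string($d_uid)."' ");
	$username=$username ? mysql_fetch_array($username) : false;
	$username=$username ? $username['username'] : '';

	if($d_class>=5)
	{
	?>
		<?php /* Request and stored values are escaped for the URL and HTML contexts they are printed in. */ ?>
		<form action="show.php?del_id=<?php echo htmlspecialchars(urlencode($d_uid), ENT_QUOTES, 'UTF-8'); ?>" method="post">
		<table border="1">
			<tr>
				<td colspan="2" align="center">删除ID</td>
			</tr>
			<tr>
				<td align="right"><?php echo $classn;  ?></td><td><font color="red"><?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8');?></font></td>
			</tr>
			<tr>
				<td align="right">对象UID:</td><td><input type="text" name="d_ob_id" size="25" /></td>
			</tr>
			<tr>
				<td align="right">对象用户名:</td><td><input type="text" name="d_ob_user" size="25" /></td>
			</tr>
			<tr>
				<td align="right" colspan="2"><input type="submit" name="delete_uid" value="删除" /></td>
			</tr>
		</table>
		</form>

<?php
	}
} // end of the delete-ID form
?>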

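<?php
// New-topic form: ?topic_uid=uid,fid
// NOTE(review): the author uid is read from the URL and carried into the form
// action, so the posting identity is whatever the request claims - confirm
// where the session is checked.
if(isset($_GET['topic_uid']))
{
	$topic_uid=explode(',',$_GET['topic_uid']);
	$uid=$topic_uid[0];
	$fid=isset($topic_uid[1]) ? $topic_uid[1] : '';

	// $uid is request data and is escaped before being placed in SQL.
	$username=mysql_query("SELECT `username` FROM `bbs_member` WHERE `uid`='".mysql_real_escape_string($uid)."'");
	$username=$username ? mysql_fetch_array($username) : false;
	$username=$username ? $username['username'] : '';

	// Value for ?topic= in the form action, read back by the topic_sub handler.
	$uid_fid="$uid,$fid,$username";
?>
<?php /* The action value is URL-encoded, then HTML-escaped for the attribute; the stored username is HTML-escaped on output. */ ?>
<form action="show.php?topic=<?php echo htmlspecialchars(urlencode($uid_fid), ENT_QUOTES, 'UTF-8'); ?>" method="post">
	<table border="1">
		<tr>
			<td colspan="2" align="center">发布主题</td>
		</tr>
		<tr>
			<td>作者:</td><td><font color="red"><?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8');?></font></td>
		</tr>
		<tr>
			<td>主题名:</td><td><input type="text" name="title" size="45" maxlength="50" /></td>
		</tr>
		<tr>
			<td>内容:<br /></td><td><textarea rows="5" cols="35" name="content"></textarea></td>
		</tr>
		<tr>
			<td colspan="2" align="right"><input type="submit" name="topic_sub" value="发布" /></td>
		</tr>
	</table>
</form>
<?php
}

?>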















